SAINT Corporation, ID SAINT:F8AD063FADC61CA774C17410349220AB
History: Dec 18, 2013 - 12:00 a.m.

HP LoadRunner Virtual User Generator EmulationAdmin service directory traversal

2013-12-18 00:00:00
SAINT Corporation
www.saintcorporation.com
EPSS: 0.959 (High), Percentile: 99.3%

Added: 12/18/2013
CVE: CVE-2013-4837
BID: 63475
OSVDB: 99231

Background

HP LoadRunner is a software performance testing solution.

Problem

A directory traversal vulnerability in the Virtual User Generator EmulationAdmin service allows remote attackers to upload files to arbitrary locations using the copyFileToServer method. The files could then be executed via an HTTP request.

Resolution

Apply LoadRunner patch v11.52.1, which can be downloaded from HP Software Support Online (SSO).

References

<https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03969437>
<http://www.zerodayinitiative.com/advisories/ZDI-13-259/>

Limitations

Exploit works on HP LoadRunner 11.52. HP LoadRunner must be installed in the standard installation path.

Platforms

Windows
